What is a zero-day vulnerability?
D2 · Threats · CompTIA Security+ SY0-701
A zero-day vulnerability is a security flaw in software or hardware that is unknown to the vendor and therefore has no available patch. The term "zero-day" refers to the fact that developers have had zero days to fix it.
Zero-day exploit: malicious code that attacks the zero-day vulnerability.
Zero-day attack: an active attack using a zero-day exploit before a patch exists.
Once discovered and disclosed (responsibly or publicly), vendors race to patch it before widespread exploitation.
Zero-days are extremely dangerous because no patch exists. Defenses rely on: behavioral detection (EDR), network segmentation, least privilege, and compensating controls. Responsible disclosure programs encourage researchers to report privately to vendors. Nation-state actors and criminal groups pay millions for zero-days.